Cyber threat well understood but organisations lack ‘intelligence’ to deal with it

Posted on by admini

Malcolm Marshall, KPMG partner and head of the firm’s Information Protection & Business Resilience team, said: “Increased awareness of cyber security threats is a positive trend, but indications are that organisations now need to focus on putting into place the fundamentals of intelligence management to gain real value from what they know. These revolve around creating an intelligence-led mindset within organisations, implementing an operating model similar to those employed by the intelligence community and building a decision-making process which is centred on a tightly controlled “information gathering programme”.

“Cyber threat: intelligence and lessons from law enforcement” argues that an intelligence-led mindset establishes a direct connection between the threats and vulnerabilities organisations face and the consequences of their compliance or inaction.

The report also goes on to argue that to embed intelligence-led decision-making, business leaders should follow the example set by law enforcement agencies. For example, rather than simply collating data, KPMG’s report urges organisations to set parameters for the type of information being gathered, so that haphazard approaches to analysis and actions can be avoided.

Link: http://www.investortoday.co.uk/news_features/cyber-threat-well-understood-but-organisations-lack-E28098intelligenceE28099-to-deal-with-it

Read more

Hackers’ StealRat botnet turns 85,000 unique IPs into malware-spreading tools

Posted on by admini

The infected machine acts as a liaison between the spam server and the compromised website,” wrote De La Torre.

“As there is no interaction between the spam and server, it will appear the email has originated from the infected machine. In essence, they have separated the core functions and minimised interactions among them to cut off any threads that could link them to each other.”

The tactic has reportedly proven effective, with Trend estimating the attackers are using 85,000 unique IP addresses or domains to send out spam to seven million chosen email addresses.

Link: http://www.v3.co.uk/v3-uk/news/2283924/hackers-stealrat-botnet-turns-85-000-unique-ips-into-malwarespreading-tools

Read more

HP Updates ArcSight Portfolio With Security Analytics

Posted on by admini

“Typically batch in nature, big data analytics allows an organization to organize and analyze vast amounts of structured and unstructured information to facilitate the detection of rogue employees, partners or criminal or collusive rings of fraudulent or abusive activity,” Avivah Litan, an analyst at IT research firm Gartner, said in a statement. “Adversaries only need to get it right once to invoke serious damage on an organization’s private data, ability to provide critical service or corporate reputation,” Haiyan Song, vice president and general manager of ArcSight, Enterprise Security Products for HP, said in a statement. “With solutions designed to enhance threat detection through improved security analytics for big data, HP enables customers to quickly identify potential attackers and take action proactively to minimize business impact and prevent disruption to critical client services.”

With the launch of IdentityView 2.5, HP has expanded the number of users that a single instance can monitor by 10 times, an enhancement designed to help organizations correlate security incident and event data across an expansive user base to reduce insider threat risk.

“With a mission to provide superior health care, it is critical that we prevent system disruptions that might impact patient safety or quality of care,” Keith Duemling, information security officer at Lake Health, said in a statement. “By automating threat detection across our network, HP ArcSight allowed us to move to a much more proactive approach to information security and improve our ability to detect risks that might affect overall system performance by a factor of 10.”

Link: http://www.eweek.com/small-business/hp-updates-arcsight-portfolio-with-security-analytics/

Read more

Big banks staged mega-cyberattack drill last Thursday

Posted on by admini

An employee sitting at his desk might get a prompt saying, “this bank is having integrity issues with money,” or “you cant make trades over this technical system.” The employee then might role-play talking to an FBI agent — likely an actual one enlisted to help with the drill, said Dave Aitel, CEO of the security firm Immunity, who formerly worked as a research scientist for the National Security Agency.

The financial sector is hoping to prepare itself for a massive, disruptive attack — a growing concern lately, as “hacktivists,” organized cybercriminals and government-spnosored attacks become increasingly large and successful. Though still a far-off doomsday scenario, some security industry experts say the financial sector is vulnerable to cyber-terrorists aiming to damage the U.S. economy. That’s because banks and other financial institutions have to do deal with money flows in real time, with markets hanging in the balance.

Though some skeptical security experts dismissed Quantum Dawn as a PR stunt, SIFMA said the first run was useful in uncovering flaws in the industry’s cyberattack protocols. The trade group found that banks were largely good at sharing information with one another, but bad at making real-time critical decisions for mitigating the threats.

Link: http://money.cnn.com/2013/07/18/technology/security/bank-cyberattack/index.html

Read more

Security company to release testing tool for SAP mobile access

Posted on by admini

Exposing those back-end systems is complicated, and companies can face a risk of hacking if the systems are misconfigured or do not have up-to-date patches.

Sanjay Poonen, head of SAP’s mobile division, said at the Sapphire Now conference in May that the company has more than 1,000 people working on mobile-related projects in areas such as retail, banking and consumer package goods.

Last year, SAP reported more than €222 million (US$293 million) in license revenue from its mobile-related business, a revenue stream that didn’t exist two and half years prior, Poonen said.

Nunez said companies faces risks if, for example, a CRM (customer relationship management) system is incorrectly configured for access by mobile devices, opening a door for hackers using attack tools for Web services.

X1’s mobile security module looks at what functions and processes are exposed in the back-end systems and not on the mobile application itself, Nunez said.

Link: http://m.itworld.com/security/365487/security-company-release-testing-tool-sap-mobile-access

Read more

As cyber attacks detonate, banks gird for battle

Posted on by admini

JPMorgan and its peers like Bank of America, Citigroup and Wells Fargo have signed up for Thursday’s drill, which is being organized by Wall Street’s biggest trade group, the Securities Industry and Financial Markets Association, or SIFMA.

They’ll monitor a simulated stock exchange for irregular trading and will be pressed to figure out what’s going on and how to react while sharing information with regulators and each other.

But that was before a wave of cyberattacks last fall, when big banks were forced to temporarily shut down their websites after attackers bombarded them with traffic — akin to overwhelming a phone line with too many calls.

“If you went to banks three years ago, and said, ‘What are your top five risks?’, probably none of them would put cyber on there,” said Karl Schimmeck, SIFMA’s vice president for financial services operations.

The Office of the Comptroller of the Currency, which regulates national banks, recently held a call with community bankers to warn them that they’re not free from danger either: Since September, attacks have been increasingly aimed at businesses with fewer than 250 employees, the OCC says. Customers would have to go through certain steps to get their money back, like filing a claim, showing that they weren’t negligently tossing their account information around and giving the bank time to investigate.

A DRILL BY ANY OTHER NAME: As for the title of Thursday’s drill, the one that sounds more appropriate for an action movie than a bank security exercise, it came about during the creation of the original drill in 2011, which was organized by the Financial Services Sector Coordinating Council.

Link: http://www.seattlepi.com/business/technology/article/As-cyber-attacks-detonate-banks-gird-for-battle-4667972.php

Read more